CVE-2019-25044
https://notcve.org/view.php?id=CVE-2019-25044
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue. El block subsystem en el kernel de Linux versiones anteriores a 5.2 presenta un uso de la memoria previamente liberada que puede conllevar a una ejecución de código arbitrario en el contexto del kernel y una escalada de privilegios, también se conoce como CID-c3e2219216c9. Esto está relacionado con las funciones blk_mq_free_rqs y blk_cleanup_queue • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c3e2219216c92919a6bd1711f340f5faa98695e6 https://security.netapp.com/advisory/ntap-20210629-0006 https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-blk_mq_free_rqs https://syzkaller.appspot.com/bug?id=36fe241584203cf394d44560a42e3430434f1213 • CWE-416: Use After Free •
CVE-2020-25670
https://notcve.org/view.php?id=CVE-2020-25670
A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. Se encontró una vulnerabilidad en el kernel de Linux donde un filtrado de refcount en la función llcp_sock_bind() causa un uso de la memoria previamente liberada que podría conllevar a una escaladas de privilegios • http://www.openwall.com/lists/oss-security/2020/11/01/1 http://www.openwall.com/lists/oss-security/2021/05/11/4 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5 https://li • CWE-416: Use After Free •
CVE-2021-32399 – kernel: race condition for removal of the HCI controller
https://notcve.org/view.php?id=CVE-2021-32399
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. El archivo net/bluetooth/hci_request.c en el kernel de Linux versiones hasta 5.12.2, presenta una condición de carrera para la eliminación del controlador HCI A flaw was found in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • http://www.openwall.com/lists/oss-security/2021/05/11/2 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e2cb6b891ad2b8caa9131e3be70f45243df82a80 https://github.com/torvalds/linux/commit/e2cb6b891ad2b8caa9131e3be70f45243df82a80 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://security.netapp.com/advisory/ntap-20210622-0006 https://access.redhat.com/security/cve/CVE-2021-32399 https: • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2020-35519
https://notcve.org/view.php?id=CVE-2020-35519
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo de acceso a la memoria fuera de los límites (OOB) en la función x25_bind en el archivo net/x25/af_x25.c en el kernel de Linux versión v5.12-rc5. Un fallo en la comprobación de límites permite a un atacante local con una cuenta de usuario en el sistema conseguir acceso a la memoria fuera de límites, conllevando a un bloqueo del sistema o una filtración de información interna del kernel. • https://bugzilla.redhat.com/show_bug.cgi?id=1908251 https://security.netapp.com/advisory/ntap-20210618-0009 • CWE-125: Out-of-bounds Read •
CVE-2021-3501 – kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run
https://notcve.org/view.php?id=CVE-2021-3501
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. Se encontró un fallo en el kernel de Linux en versiones anteriores a 5.12. El valor de internal.ndata, en la API de KVM, es asignado a un índice de matriz, que puede ser actualizado por un proceso de usuario en cualquier momento, lo que podría conllevar a una escritura fuera de límites. • https://bugzilla.redhat.com/show_bug.cgi?id=1950136 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a https://security.netapp.com/advisory/ntap-20210618-0008 https://access.redhat.com/security/cve/CVE-2021-3501 • CWE-787: Out-of-bounds Write •